0

Currently, my company internet access for visitor are required to request MAC address from them if they want to access to internet. Can we do something like the Hotel wifi? they just access to the network and just key in the password, then they are able to access the internet for certain time of period. so far, i have looking for linux solution, but they are no such program/application available. do you all have any experience on it?

Regards, MH

Min Hong Tan
  • 147
  • 2
  • 11

1 Answers1

2

A great way of doing this is with 802.1x and port-based authentication, combined with a captive portal.

You set up a captive portal on your gateway to make the user accept terms/conditions or enter a guest password. You assign that captive portal onto your guest VLAN.

Then you use 802.1x on all your switch ports. If the MAC address authentication passes, then put the ports native VLAN to your normal protected network.

If the MAC address authentication fails, then the users port goes onto the guest VLAN, and they hit the captive portal.

You'll need:

  • Switches that support 802.1x
  • A RADIUS server to perform the authentication (Such as FreeRADIUS)
  • A gateway that supports captive portals (such as PFSense)
Mark Henderson
  • 68,316
  • 31
  • 175
  • 255
  • i think should be correct,but,i'm not really familiar with 802.1x and port-based authentication,and also vlan , still need to study more information. – Min Hong Tan Aug 22 '14 at 01:24
  • @陈明峰 there's a lot of information for you to learn then. This is not an "easy" solution to implement. – Mark Henderson Aug 22 '14 at 01:27